| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 7 Apr 2012 18:43:18 +0200
From: rancor <therancor@...il.com>
To: klondike <klondike@...cosoft.es>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: FSA2012-1 and FSA2012-2: Chocolate easter
egss vulnerable to egg white injection and usable as trojan horses.
Nice catch!
"Glad påsk" as we say in Sweden
Den 7 apr 2012 16:23 skrev "klondike" <klondike@...cosoft.es>:
> Given to their nature chocolate easter eggs present a few
> vulnerabilities that can be exploited by a malicious attacker to gain
> complete control of a person's hate.
>
> FSA2012-1:
> 1. Summary
> Impact: high
> Exploitability: local
> Synopsis: Through some special unintended actions and attacker can cause
> an egg white injection into chocolate easter egss altering the nature of
> the system.
>
> 2. Impact
> Backgorund:
> Chocolate easter eggs are a treat liked by both children and adults
> during and eaten most frequently during easter.
>
> Description:
> Using a syringe with an hypodermical needle a local attacker can cause
> an egg white injection into the egg inside. This can also be combined
> with FSA2012-2 in order to creat trojanized chocolate eggs with a crude
> egg payload.
>
> Impact:
> Injected eggs can be used to affect through social engineering
> techniques to standard chocolate eggs eaters causing them to redirect
> all their rage towards you. In critical cases like allergies the
> individual may end up dying.
>
> 3. Workarounds:
> There is currently no known workaround to the issue since it is inherent
> to the easter chocolate eggs design.
>
> FSA2012-1:
> 1. Summary
> Impact: high
> Exploitability: local
> Synopsis: Through some special unintended actions and attacker can craft
> trojanized chocolate easter egss whose contents won't be realized by the
> attacker until it has happened.
>
> 2. Impact
> Backgorund:
> Chocolate easter eggs are a treat liked by both children and adults
> during and eaten most frequently during easter.
>
> Description:
> It is possible to craft eggs containing the desired solid objects or
> half of its contents filled with other products in not solid state. This
> is done by joining both moulded egg halves together with the contents on
> one of them, or coating the object in chocolate if it is eggshaped.
>
> Impact:
> Trojanized eggs can be used to affect through social engineering
> techniques to standard chocolate eggs eaters causing them to redirect
> all their rage towards you. In critical cases like allergies the
> individual may end up dying. There have been cases where shelled hard
> boiled eggs where coated in crocant chocolate in order to send the
> affected user to the hospital.
>
> 3. Workarounds:
> There is currently no known workaround to the issue since it is inherent
> to the easter chocolate eggs design.
>
> Thanks:
> ss23
> Vinky
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists